Web Pages being redirected all the time !!

[khali1]

Hi, Can someone enlighten me as to which of the following Hijack This files could be causing my problems. When i do a scan on Hijack This the following is exactly what the scan log comes back with:-


Logfile of HijackThis v1.99.1
Scan saved at 16:42:07, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Ford Family\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westbaysurfboards.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{17EA74F3-866A-4EFB-9A43-85A89449542C}: NameServer = 85.255.116.86,85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{24FDC144-7789-4329-948F-0CBCD08AAE27}: NameServer = 85.255.116.86,85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{34DB6A32-14F3-4988-B2DE-E328E88BBCDF}: NameServer = 85.255.116.86 85.255.112.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.157
O17 - HKLM\System\CS1\Services\Tcpip\..\{17EA74F3-866A-4EFB-9A43-85A89449542C}: NameServer = 85.255.116.86,85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.157
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


Any advise would be very welcome indeed.

 

[Osiris]

please go thru my guide

 

[ben_ben]

These can we removed!


Visitor's assessment Analyzerdetails Unknown
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe

Kind


Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
Visitor's assessment Analyzerdetails Unknown
O17 - HKLM\System\CCS\Services\Tcpip\..\{17EA74F3-866A-4EFB-9A43-85A89449542C}: NameServer = 85.255.116.86,85.255.112.157

Kind


Do you know the IP or Domain '85.255.116.86,85.255.112.157'? If not, fix this entry.
Visitor's assessment Analyzerdetails Unknown
O17 - HKLM\System\CCS\Services\Tcpip\..\{24FDC144-7789-4329-948F-0CBCD08AAE27}: NameServer = 85.255.116.86,85.255.112.157

Kind


Do you know the IP or Domain '85.255.116.86,85.255.112.157'? If not, fix this entry.
Visitor's assessment Analyzerdetails Unknown
O17 - HKLM\System\CCS\Services\Tcpip\..\{34DB6A32-14F3-4988-B2DE-E328E88BBCDF}: NameServer = 85.255.116.86 85.255.112.157

Kind


Do you know the IP or Domain '85.255.116.86 85.255.112.157'? If not, fix this entry.
Visitor's assessment Analyzerdetails Unknown
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.157

Kind


Do you know the IP or Domain '85.255.116.86 85.255.112.157'? If not, fix this entry.
Visitor's assessment Analyzerdetails Unknown
O17 - HKLM\System\CS1\Services\Tcpip\..\{17EA74F3-866A-4EFB-9A43-85A89449542C}: NameServer = 85.255.116.86,85.255.112.157

Kind


Do you know the IP or Domain '85.255.116.86,85.255.112.157'? If not, fix this entry.
Visitor's assessment Analyzerdetails Unknown
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.157

Kind


Do you know the IP or Domain '85.255.116.86 85.255.112.157'? If not, fix this entry.
Visitor's assessment Analyzerdetails
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL